[問題] Ultravnc沒有加密的話,會被用Wireshar …
※ [本文轉錄自 Network 看板]
作者: magicfx (去南半球度假) 看板: Network
標題: [問題] Ultravnc沒有加密的話,會被用Wireshark找出密碼嗎?
時間: Mon Jun 9 13:03:13 2008
在 UltraVNC DSM plugin 的網頁 Q&A 中有提到
http://msrc4plugin.home.comcast.net/~msrc4plugin/faq.html
如果傳輸過程沒有加密
會被用 Sniffer (Wireshark ,也就是之前的 Ethereal)
分析封包
我嘗試用wireshark 1.0分析自己localhost連自己localhost的過程 (loopback)
但是沒有查出密碼!?
請問真的可以找出來嗎?
Q & A 裡有提到 RFB protocol
不過我在 filter 裡的 expression 找不到 RFB 耶
以下是原文:
------
Q: How can I verify that encryption is really working?"
You downloaded the plugin, set it up, connected, and everything worked great!
How can you prove to your boss that this stuff works?
A:
This is an age-old problem. I don't have any fool-proof way to prove you are
using encryption, but here are a few hints:
1. If the plugin is working, you CAN'T connect without the plugin. You get a
protocol error.
2. The VNC window should say something like UltraVNC + MS RC4 Plugin-vX.X.X.X
3. If you click on the Show Status Window button, you should see the plugin
mentioned there too.
4. You could always put a sniffer (Ethereal is a good one) on the line and
watch the initial exchange between the viewer and server. The first 2
messages are easy to recognize when the connection is NOT encrypted. (The
viewer and server exchange RFB version information. You'll see something like
"RFB 003.006") With encryption on, you won't see anything recognizable.
If you can think of a better way drop me an Email and I'll add it to the FAQ.
--
※ 發信站: 批踢踢實業坊(ptt.cc)
◆ From: 140.109.49.71
--
※ 發信站: 批踢踢實業坊(ptt.cc)
◆ From: 140.109.49.71